Bug 5094 auth_by_bind authentication can fail even if given a correct password and userid
When using <replicate>0</replicate> <!-- add new users from LDAP to Koha database --> <update>0</update> <!-- update existing users in Koha database -> <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory --> Auth_with_ldap attempts to lookup the userid in the LDAP directory to fill $userldapentry despite it being unneeded in this case. The information retrieved will be thrown away, thus there is no need to retrieve it. This can cause authentication to fail overall even if the initial bind with the user's credentials succeeded Signed-off-by: Joe Atzberger <ohiocore@gmail.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This commit is contained in:
parent
8996faae15
commit
7bb178e30b
1 changed files with 8 additions and 2 deletions
|
@ -119,8 +119,14 @@ sub checkpw_ldap {
|
|||
}
|
||||
|
||||
# FIXME dpavlin -- we really need $userldapentry leater on even if using auth_by_bind!
|
||||
my $search = search_method($db, $userid) or return 0; # warnings are in the sub
|
||||
$userldapentry = $search->shift_entry;
|
||||
|
||||
# BUG #5094
|
||||
# 2010-08-04 JeremyC
|
||||
# a $userldapentry is only needed if either updating or replicating are enabled
|
||||
if($config{update} or $config{replicate}) {
|
||||
my $search = search_method($db, $userid) or return 0; # warnings are in the sub
|
||||
$userldapentry = $search->shift_entry;
|
||||
}
|
||||
|
||||
} else {
|
||||
my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
|
||||
|
|
Loading…
Reference in a new issue